IA-12(1): Supervisor Authorization

CSF v1.1 References:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: IA-4(2): Supervisor Authorization.

Control Statement

Require that the registration process to receive an account for logical access includes supervisor or sponsor authorization.

Supplemental Guidance

Including supervisor or sponsor authorization as part of the registration process provides an additional level of scrutiny to ensure that the user's management chain is aware of the account, the account is essential to carry out organizational missions and functions, and the user's privileges are appropriate for the anticipated responsibilities and authorities within the organization.